Hotmail users are being advised to change their passwords, after thousands of account details were posted online.

A list containing more than 10,000 apparently genuine account names and passwords was posted to a website last week, where it remained until being spotted over the weekend by Microsoft security researchers.

Microsoft said its internal data for Windows Live Hotmail was not breached and the user credentials were likely obtained through a phishing scheme. According to Neowin.net, the list of usernames and passwords appeared to be mostly based in Europe and included hotmail.com, msn.com and live.com accounts.

If you receive an email telling you to provide your password it is a phish. That is as simple as it gets. Never give out your password. Even if a known IT professional asks you for it. There are only two kinds of people who ask you for your password… thieves and idiots. You don’t want to give your password to a thief and an idiot can’t be trusted with it, so don’t give it out.

Computerworld - One researcher isn't buying Microsoft's and Google's explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.

Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.